Vulnerabilities > CVE-2016-5118
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH network
low complexity
graphicsmagick
suse
oracle
opensuse
canonical
debian
imagemagick
critical
nessus
Summary
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1430.NASL description This update for GraphicsMagick fixes the following issues : - a possible shell execution attack was fixed. if the first character of an input filename for last seen 2020-06-05 modified 2016-12-12 plugin id 95704 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95704 title openSUSE Security Update : GraphicsMagick (openSUSE-2016-1430) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-717.NASL description It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) Vulnerabilities in GraphicsMagick last seen 2020-06-01 modified 2020-06-02 plugin id 91769 published 2016-06-23 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91769 title Amazon Linux AMI : GraphicsMagick (ALAS-2016-717) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1237.NASL description An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) last seen 2020-06-01 modified 2020-06-02 plugin id 91642 published 2016-06-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91642 title RHEL 6 / 7 : ImageMagick (RHSA-2016:1237) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-152-01.NASL description New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 91356 published 2016-05-31 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91356 title Slackware 14.0 / 14.1 / current : imagemagick (SSA:2016-152-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-694.NASL description This update for GraphicsMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch last seen 2020-06-05 modified 2016-06-09 plugin id 91529 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91529 title openSUSE Security Update : GraphicsMagick (openSUSE-2016-694) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-700.NASL description This update for ImageMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + ImageMagick-CVE-2016-5118.patch last seen 2020-06-05 modified 2016-06-10 plugin id 91555 published 2016-06-10 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91555 title openSUSE Security Update : ImageMagick (openSUSE-2016-700) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3746.NASL description Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based shell exploits for fixing the CVE-2016-3714 vulnerability. The undocumented last seen 2020-06-01 modified 2020-06-02 plugin id 96103 published 2016-12-27 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96103 title Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL82747025.NASL description The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118) last seen 2020-06-01 modified 2020-06-02 plugin id 92005 published 2016-07-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92005 title F5 Networks BIG-IP : GraphicsMagick vulnerability (K82747025) NASL family Fedora Local Security Checks NASL id FEDORA_2016-7A878ED298.NASL description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92115 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92115 title Fedora 23 : GraphicsMagick (2016-7a878ed298) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2990-1.NASL description Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as last seen 2020-06-01 modified 2020-06-02 plugin id 91450 published 2016-06-03 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91450 title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : imagemagick vulnerabilities (USN-2990-1) (ImageTragick) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1610-1.NASL description This update for ImageMagick fixes the following issues : - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93155 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93155 title SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1610-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-502.NASL description Bob Friesenhahn discovered a command injection vulnerability in Graphicsmagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with graphicsmagick. For Debian 7 last seen 2020-03-17 modified 2016-06-03 plugin id 91446 published 2016-06-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91446 title Debian DLA-502-1 : graphicsmagick security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-500.NASL description Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with imagemagick. It is important that you upgrade the libmagickcore5 and not just the imagemagick package. Applications using libmagickcore5 might also be affected and need to be restarted after the upgrade. For Debian 7 last seen 2020-03-17 modified 2016-06-03 plugin id 91444 published 2016-06-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91444 title Debian DLA-500-1 : imagemagick security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-757.NASL description This update for ImageMagick fixes the following issues : This security issue was fixed : - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed : - Fix encoding of /Title in generated PDFs. (bsc#867943) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-06-23 plugin id 91774 published 2016-06-23 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91774 title openSUSE Security Update : ImageMagick (openSUSE-2016-757) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1570-1.NASL description This update for ImageMagick fixes the following issues : This security issue was fixed : - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91664 published 2016-06-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91664 title SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2016:1570-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-1237.NASL description From Red Hat Security Advisory 2016:1237 : An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) last seen 2020-06-01 modified 2020-06-02 plugin id 91641 published 2016-06-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91641 title Oracle Linux 6 / 7 : ImageMagick (ELSA-2016-1237) NASL family Scientific Linux Local Security Checks NASL id SL_20160617_IMAGEMAGICK_ON_SL6_X.NASL description Security Fix(es) : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) - Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) last seen 2020-03-18 modified 2016-06-20 plugin id 91712 published 2016-06-20 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91712 title Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160617) NASL family Fedora Local Security Checks NASL id FEDORA_2016-0D90EAD5D7.NASL description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92058 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92058 title Fedora 24 : GraphicsMagick (2016-0d90ead5d7) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3591.NASL description Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application. This update removes the possibility of using pipe (|) in filenames to interact with imagemagick. It is important that you upgrade the libmagickcore-6.q16-2 and not just the imagemagick package. Applications using libmagickcore-6.q16-2 might also be affected and need to be restarted after the upgrade. last seen 2020-06-01 modified 2020-06-02 plugin id 91430 published 2016-06-02 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91430 title Debian DSA-3591-1 : imagemagick - security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-1237.NASL description An update for ImageMagick is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 18 July 2016] This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es) : * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) * Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) last seen 2020-06-01 modified 2020-06-02 plugin id 91636 published 2016-06-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91636 title CentOS 6 / 7 : ImageMagick (CESA-2016:1237) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1029.NASL description According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.(CVE-2016-5118) - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) - Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99792 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99792 title EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1029) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-716.NASL description It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118) It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239) Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896 , CVE-2015-8895 , CVE-2016-5240 , CVE-2015-8897 , CVE-2015-8898) last seen 2020-06-01 modified 2020-06-02 plugin id 91768 published 2016-06-23 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91768 title Amazon Linux AMI : ImageMagick (ALAS-2016-716) NASL family Fedora Local Security Checks NASL id FEDORA_2016-40CCAFF4D1.NASL description New GraphicsMagick bugfix/security release, see also: http://www.graphicsmagick.org/NEWS.html#may-30-2016 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92087 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92087 title Fedora 22 : GraphicsMagick (2016-40ccaff4d1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-693.NASL description This update for GraphicsMagick fixes the following issues : - security update : - CVE-2016-5118 [boo#982178] + GraphicsMagick-CVE-2016-5118.patch last seen 2020-06-05 modified 2016-06-09 plugin id 91528 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91528 title openSUSE Security Update : GraphicsMagick (openSUSE-2016-693)
Redhat
advisories |
| ||||
rpms |
|
References
- http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
- http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
- http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
- http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
- http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
- http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
- http://www.debian.org/security/2016/dsa-3591
- http://www.debian.org/security/2016/dsa-3591
- http://www.debian.org/security/2016/dsa-3746
- http://www.debian.org/security/2016/dsa-3746
- http://www.openwall.com/lists/oss-security/2016/05/29/7
- http://www.openwall.com/lists/oss-security/2016/05/29/7
- http://www.openwall.com/lists/oss-security/2016/05/30/1
- http://www.openwall.com/lists/oss-security/2016/05/30/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/90938
- http://www.securityfocus.com/bid/90938
- http://www.securitytracker.com/id/1035984
- http://www.securitytracker.com/id/1035984
- http://www.securitytracker.com/id/1035985
- http://www.securitytracker.com/id/1035985
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
- http://www.ubuntu.com/usn/USN-2990-1
- http://www.ubuntu.com/usn/USN-2990-1
- https://access.redhat.com/errata/RHSA-2016:1237
- https://access.redhat.com/errata/RHSA-2016:1237